[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: casual proposal, some potential sponsors and telegram.

BTW, sure spot claims end to end encryption

On Aug 6, 2014 6:46 PM, "Jonas Smedegaard" <dr@jones.dk> wrote:
Quoting Pirate Praveen (2014-08-06 13:27:04)
> On Wednesday 06 August 2014 04:50 PM, Jonas Smedegaard wrote:
>> Being Free Software (or Open Source as some prefer to label it) is
>> good (but percentage is silly: either it is or it isn't Free
>> Software!)
>> What I objected to, however, was not the freedoms defined by "Free
>> Software" and "Open Source", but instead the freedom of independence
>> and staying in control of own devices and own data - a.k.a. privacy.
>> Code can be "100% open source" while breaching privacy.
> If we do end-to-end encryption, we can guarantee privacy.

You need to ensure both that a) the end-to-end encryption protocols are
properly designed, and b) those protocols are implemented securely.

I would advice against trusting guarantees issued by debian-dug-in
because I am unaware of any good track record of guarantees issued here.

I would recommend to instead follow advices from the Guardian project.

> But if we depend on a centralized service, we are creating dependence,
> for some reason if the service provider is shut down, you are out of
> luck. Also I couldn't figure out what protocol they use from their
> FAQ. So my recommendations are TextSecure or XMPP/OTR. I use Loqui IM
> on my Firefox OS phone (there is no TextSecure yet for Firefox OS)
> with OTR support. On desktop, you can use pidgin with otr plugin.

Beware that Pidgin has a very bad track record regarding security.
Personally I use Pidgin, but I don't rely on the OTR plugin.

If you need to trust OTR, you should probably use an alternative
implementation - some say Jitsi is better.

 - Jonas

 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Reply to: